Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, July 23, 2007

A Longer-Term View on Federated Identity Management …

There is no doubt that Federated Identity Management is a hot topic and an area where more and more investment, activity and R&D effort is going to take place.
However, I personally believe that the current situation is quite confusing, in particular for enterprises and organisations that want to be early adopters. There are too many initiatives, standardisation activities and toolkits to track (e.g. Liberty Alliance, WS-Federation, InfoCard/CardSpace, OpenID, etc., just to mention a few), some of them technically divergent, others overlapping in functionality. The current lack of coordination and (sometimes) cooperation is not easing the pain.
It is true that in a few cases the aims and goals are reasonably different (e.g. Liberty Alliance --> identity federation, whilst WS-Federation --> federation of Web Services, even though they partially overlap and at some points technically diverge: http://projectliberty.org/liberty/files/whitepapers/liberty_alliance_ws_federation_a_comparative_overview), but the increasing number of "emerging" initiatives does not help to bring clarity. I believe a lot of effort will be required in the months and years to come to clearly position these initiatives in the "federated identity management" space, along with the value each of them brings.
A key aspect that I believe will further influence the "federated identity management" area is the increasing need (for trust, security and privacy reasons) to reconcile different types of identities at different levels of abstraction in the IT stack (e.g. users' identities, devices' identities, network identities, etc.) and potentially allow their usage in a coordinated way within federated scenarios. This is an interesting, and at the same time very complex, research area.
Again, I would like to stress my point that in addition to the current "horizontal" federated identity management efforts, there is going to be increased need for, and attention to, "vertical identity federation" within an organisation's IT infrastructure: reconciling and handling different types of identities (at different IT stack levels) to provide more secure and trustworthy authentication and access to enterprise resources. Could a blend of "SOA initiatives", SAML assertions and federated SSO be a possible way to move forward (e.g. http://news.zdnet.com/2100-1009_22-5535345.html)? It is not so obvious to me. I see this as another very interesting research space, quite overlooked for the time being.
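As an added illustration of the "vertical" reconciliation of identities described above (this is example code added here, not code from the original post, and not an endorsement of any particular initiative): one SAML-shaped assertion that carries a user subject together with device and network identities, and a relying-party check that refuses access unless all three agree with the enterprise's device inventory. The attribute names, URIs, issuer and inventory are constructed assumptions; the assertion is unsigned, so in real use XML signature validation would have to precede every other check.

```python
"""Illustration of "vertical" identity federation: one SAML-style assertion
carrying a user identity plus device and network identities, and a relying
party that checks all three before granting access.

Constructed example; names, URIs and the attribute vocabulary are assumptions
and are not taken from any standard profile.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Hypothetical attribute names used to carry the lower-layer identities.
DEVICE_ATTR = "urn:example:device-id"
NETWORK_ATTR = "urn:example:network-zone"

# Constructed enterprise inventory: which device ids are managed, and which
# network zones each device is allowed to appear from.
MANAGED_DEVICES = {"dev-4711": {"corp-lan", "corp-vpn"}}

IDP = "https://idp.example"  # assumed identity provider


def build_assertion(issuer, user, device_id, network_zone, now=None):
    """Return an unsigned SAML 2.0-shaped assertion (as XML text) whose
    Subject is the user and whose AttributeStatement carries the device and
    network identities. Signing is deliberately omitted in this example."""
    now = now or datetime.now(timezone.utc)
    ET.register_namespace("saml", SAML_NS)
    a = ET.Element(f"{{{SAML_NS}}}Assertion",
                   {"Version": "2.0", "ID": "_a1", "IssueInstant": now.isoformat()})
    ET.SubElement(a, f"{{{SAML_NS}}}Issuer").text = issuer
    subj = ET.SubElement(a, f"{{{SAML_NS}}}Subject")
    ET.SubElement(subj, f"{{{SAML_NS}}}NameID").text = user
    ET.SubElement(a, f"{{{SAML_NS}}}Conditions",
                  {"NotBefore": now.isoformat(),
                   "NotOnOrAfter": (now + timedelta(minutes=5)).isoformat()})
    stmt = ET.SubElement(a, f"{{{SAML_NS}}}AttributeStatement")
    for name, value in ((DEVICE_ATTR, device_id), (NETWORK_ATTR, network_zone)):
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", {"Name": name})
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = value
    return ET.tostring(a, encoding="unicode")


def evaluate(assertion_xml, trusted_issuers, now=None):
    """Relying-party policy: accept only if the issuer is trusted, the
    validity window holds, the device is managed, and the network zone is
    one that device is permitted to use. Returns (decision, reason)."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        return False, "untrusted issuer"
    cond = root.find("saml:Conditions", NS)
    not_before = datetime.fromisoformat(cond.get("NotBefore"))
    not_after = datetime.fromisoformat(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_after):
        return False, "assertion outside validity window"
    attrs = {att.get("Name"): att.findtext("saml:AttributeValue", namespaces=NS)
             for att in root.iterfind(".//saml:Attribute", NS)}
    device = attrs.get(DEVICE_ATTR)
    zone = attrs.get(NETWORK_ATTR)
    if device not in MANAGED_DEVICES:
        return False, "device identity missing or unmanaged"
    if zone not in MANAGED_DEVICES[device]:
        return False, "network zone not permitted for this device"
    user = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return True, f"{user} on {device} via {zone}"


def demo():
    """Run the policy over a few constructed assertions; returns the reasons."""
    issued = datetime(2007, 7, 23, 12, 0, tzinfo=timezone.utc)
    good = build_assertion(IDP, "alice", "dev-4711", "corp-vpn", now=issued)
    return {
        "good": evaluate(good, {IDP}, now=issued),
        "expired": evaluate(good, {IDP}, now=issued + timedelta(minutes=10)),
        "rogue_idp": evaluate(build_assertion("https://other.example", "alice",
                                              "dev-4711", "corp-vpn", now=issued),
                              {IDP}, now=issued),
        "unmanaged": evaluate(build_assertion(IDP, "alice", "dev-9999", "corp-vpn",
                                              now=issued), {IDP}, now=issued),
        "wrong_zone": evaluate(build_assertion(IDP, "alice", "dev-4711", "cafe-wifi",
                                               now=issued), {IDP}, now=issued),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:>10}: {'ALLOW' if ok else 'DENY '} ({why})")
```

The point of the check is that a valid user credential alone is not enough: the device and network identities travel in the same assertion and are evaluated against the same policy, which is one concrete shape the "vertical" reconciliation could take.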
What is your view on the future of Federated Identity Management (either across organisations or within an enterprise)? What do you believe are the key issues, aspects, needs and requirements that will shape this space? Feel free to comment.